General
- Target: e29b39335668109ee4c21dee344e7440_JaffaCakes118
- Size: 372KB
- Sample: 240915-qycnbaxajj
- MD5: e29b39335668109ee4c21dee344e7440
- SHA1: 35cb6f0ba4ceb2190448c00e65add5d360ac90aa
- SHA256: e224cad667100ff7a9e844daa26754e8868559e322180bb5e5af8a092a110593
- SHA512: 57288c2412bd0f58d2838edc08b1167a435e6a15d1e3600a1cb92e0a002159fde58dcb3d8647f54693126b0eef3476e7d3a3c5cc0d6fe979a90c855c0cdd4ed9
- SSDEEP: 6144:p9NtPjdTlDNKMdUjR7YYuRz7BJHedbE3A6x5YLfsWBjs7ikWRNhZWe48mL395Res:NtPBPdUNnoH2bE3A6x5KxkGYvdd05E7

Static task: static1

Behavioral task: behavioral1
- Sample: e29b39335668109ee4c21dee344e7440_JaffaCakes118.exe
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: e29b39335668109ee4c21dee344e7440_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
- Extracted family: agenttesla
- URL: https://api.telegram.org/bot1334164197:AAHq_iXmNrtcwtwuY6ayBL5myHMF1EDxFaY/sendDocument
Targets
- Target: e29b39335668109ee4c21dee344e7440_JaffaCakes118 (372KB; same hashes as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers: malicious access to, or copying of, a web browser credential store.
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.